10 PEAR Packages for Every PHP Developer's Toolbox

November 30, 2010

PHP easily ranks among the world's most popular programming languages, with the TIOBE Programming Community Index placing it second only to Java, C, and C++ in terms of global language adoption. Logically, a community of this size has an enormous amount of commercial interests at work, with companies like Microsoft, IBM, and Zend offering a host of products and services. Additionally, a large open source ecosystem has also been built around the language, with project hosting websites such as GitHub and SourceForge home to tens of thousands of PHP-driven projects.

PHP developers also have another community-driven treasure trove at their disposal, one which is host to almost 600 high-quality libraries yet never seems to garner the attention it deserves. I'm referring to the PHP Extension and Application Repository, better known as PEAR, and in this article I'll try to shine the spotlight just a bit brighter on this fantastic community resource by highlighting 10 useful PEAR libraries (better known as packages) that have become an indispensable part of my programming toolkit.

1. Authenticating Users with Auth

Back in the Web's early days, it was typical to authenticate users using Apache's built-in authentication feature. But as the breadth of information shared over the Web continued to grow, so did the need to authenticate users in increasingly flexible and sophisticated ways. For instance, you might wish to unify your company's employee accounts using LDAP and require all users to log in to the intranet using the newly unified account. Likewise, if you were attempting to build a new Web-based e-mail client, you'd likely want the user to be able to log in using his or her email account credentials. Yet understanding how each of these authentication protocols work isn't practical. Instead, you can rely on the Auth package to take care of the gory details for you.

Auth is capable of authenticating a user against an impressive number of protocols, among them IMAP, LDAP and RADIUS. Further, you can use other supported adapters to consult credentials stored in a database, textfile, or even an array. Auth will even auto-generate a login interface for you!

2. Cleaning Up Your Code with PHP_Beautifier

When you're lost in the task of banging out reams of PHP code, following formatting and other best practices are probably the last things on your mind. Why not leave the formatting to the PHP_Beautifier package, a command-line and scripting tool capable of reformatting your code to your exacting standards. Default features include the ability to bring your scripts into compliance with the PEAR Coding Standards, convert all control structures to lowercase, clean up your documentation, add newlines before and after specified tokens, and more.

Consider using PHP_Beautifier in conjunction with another powerful package named PHP_CodeSniffer, which is introduced later in this article.

3. Converting Roman Numerals with Numbers_Roman

Although in all of my years I haven't had the opportunity to use the Numbers_Roman package within a project, I regularly reference this particular package when encouraging PHP developers to learn more about PEAR because it is a perfect example of PEAR's ability to help you implement a solution to an uncommon yet difficult problem. Suppose you were creating a website for movie aficionados, which stored the movie's release date using Roman numerals in the same fashion you're used to seeing in a movie's opening credits (for example, MCMLXIII). To encourage the community to add new movies to the database, you allow them to enter these release dates using Arabic numerals (1963, for instance). The Numbers_Roman package can help you to easily translate between the two.

Attempting to implement this feature on your own would be an interesting programming exercise, but not exactly something I'd want to do while facing a deadline!

4. Creating Forms with HTML_QuickForm2

Many developers tend to bristle at the notion of programmatically creating HTML forms. I too was a vocal leader of the "just say no" crowd, until encountering the Zend_Form component. Not long after, I was dragged kicking and screaming into form nirvana. The fact is programmatic form creation is about much more than simply programmatically outputting HTML; most solutions include the ability to associate validators with fields, set field defaults, and filter user input, three tasks that can be difficult and tedious to implement.

If you're not using a framework such as the Zend Framework or CakePHP -- each of which offers its own automated form generation solution -- check out the HTML_QuickForm2 package. HTML_QuickForm2 supports the ability to render all of the usual HTML form elements, in addition to complex fields such as a dual select box. Also supported are a wide range of input validators capable of vetting data for length, existence and equality, and you can even define your own custom validators for specialized purposes.

Additionally, you'll find that formatting flexibility is not compromised when using a solution such as HTML_QuickForm2, as you'll be able to continue displaying forms in any way you see fit, complete with CSS integration.

5. Downloading Files with HTTP_Download

One of the most frequently asked questions about Web development pertains to how one can provide certain users with the ability to download files such as PDFs, while simultaneously preventing others from accessing these files by manipulating the website URL. The most common answer involves using an intermediary service, which will retrieve the desired file from outside of the Web server's document root and then stream the contents to the accredited user. While the knowledgeable developer won't find a simple implementation of this task particularly challenging, resolving the security issue is only part of the challenge. More sophisticated implementations might handle caching and compression, and support resuming partial downloads, none of which I'd want to implement myself.

If you're looking for a one-stop solution for handling Web-based downloads, check out HTTP_Download. It bundles all of these features into an incredibly easy-to-use package. For instance, the following snippet is suffice to retrieve a file residing outside of Apache's document root and send it to the browser for download:

6. Enforcing Coding Standards with CodeSniffer

Returning to the previously discussed matter of following coding standards (see the section introducing PHP_Beautifier), it seems that this task is akin to writing documentation: most developers will avoid it at all costs. Unfortunately, the costs of avoiding either can be pretty high, resulting in lost time and increased maintenance costs. While no known solution can force you or your colleagues to write documentation (although phpDocumentor will certainly help), you might be able to improve upon the adoption of coding standards using PHP_CodeSniffer.

PHP_CodeSniffer is a PEAR package that can parse your project's PHP, JavaScript and CSS files to ensure compliance with coding standards such as those adopted by PEAR. Among other standards it can review your code for are indentation, variable and class naming conventions, comment usage, and control structure formatting. You can also use it to review CSS for gaffes such as style duplication.

7. Fooling Spammers with Text_CAPTCHA

The Completely Automated Public Turing Test to tell Computers and Humans Apart, or CAPTCHA, is an ingeniously simple solution for preventing automated spambots from littering your website's blog comments and other forms with unwanted advertising. Relying on the fact that computers are notoriously bad at certain tasks -- such as notably recognizing the contents of an image -- programmers require humans to respond to a simple challenge in order to successfully submit a form. Such a challenge would include asking the human to echo the contents of a programmatically generated image containing a random string, such as 4Xy98M.

If you're sick of deleting unwanted comment spam and would like to integrate CAPTCHA protection into your forms, check out Text_CAPTCHA. Text_CAPTCHA will generate the image-based text and text field for you, storing the text value in a session variable that you can check once the form has been submitted. If the text field matches the session variable contents, chances are the submitter is human. Otherwise, you can disregard the form.

8. Managing Git Repositories with VersionControl_Git

I'm an avid GitHub user, relying upon the service to manage not only my various software projects, but also my books. I've even gone so far as to integrate Git-driven features into recent projects, which allows me to easily view a project's contents without having to use the command-line or login to GitHub.com. Although GitHub offers an API for talking to the service, I'd rather avoid writing my own PHP implementation and instead found VersionControl_Git, a simple object-oriented interface to my local repositories.

Although still a work in progress, VersionControl_Git is already capable of performing the most commonplace repository-related tasks, such as creating a new repository, viewing commit information, and reviewing repository contents.

9. Tweeting with Services_Twitter

To paraphrase the ancient riddle, "If you didn't Tweet about it, did it ever really happen?" If you're adamant about letting the world know about every cup of coffee drank, newspaper article read, and previously lost sock found, check out Services_Twitter, a convenient PEAR package that can send updates to your Twitter account. All you need to do is authenticate using your Twitter account's username and password, and pass along an update using the package's update() method. Using this simple yet effective package, all of your applications can be sending updates to followers in no time.

10. Validating User Input with Validate

Validating user input is difficult, which explains why so many websites are compromised due to the developer's avoidance of this tedious task. Yet there's no excuses for neglecting to validate all user input, because any task that is simultaneously so difficult yet ubiquitous is likely to have been implemented in a PEAR package. Sure enough, the powerful Validate package has been around for some time now, making input validation a breeze.

The Validate package covers basic validation tasks, including validation of numbers, email addresses, and URLs. Locale-specific packages such as Validate_US provide validation tasks specific to the United States, offering validators for phone numbers, zip codes and social security numbers. See the Validate documentation for a complete list of locale-specific validation packages.